mirror of
https://github.com/lWolvesl/claw-code.git
synced 2026-04-02 21:21:53 +08:00
a66c301fa3
Add runtime OAuth primitives for PKCE generation, authorization URL building, token exchange request shaping, and refresh request shaping. Wire the API client to a real auth-source abstraction so future OAuth tokens can flow into Anthropic requests without bespoke header code. This keeps the slice bounded to foundations: no browser flow, callback listener, or token persistence. The API client still behaves compatibly for current API-key users while gaining explicit bearer-token and combined auth modeling. Constraint: Must keep the slice minimal and real while preserving current API client behavior Constraint: Repo verification requires fmt, tests, and clippy to pass cleanly Rejected: Implement full OAuth browser/listener flow now | too broad for the current parity-unblocking slice Rejected: Keep auth handling as ad hoc env reads only | blocks reuse by future OAuth integration paths Confidence: high Scope-risk: moderate Reversibility: clean Directive: Extend OAuth behavior by composing these request/auth primitives before adding session or storage orchestration Tested: cargo fmt --all; cargo clippy -p runtime -p api --all-targets -- -D warnings; cargo test -p runtime; cargo test -p api --tests Not-tested: live OAuth token exchange; callback listener flow; workspace-wide tests outside runtime/api